>Maybe libpam should provide its own logging interface which could be
>overriden from applications. Then the module name would be available
>separately from the string being logged, and the logging function
>could decide whether it uses it as syslog ident or as a part of the
>message. The default logging function provided in libpam could check
>a global variable to find out whether it needs to call openlog(), etc.
See the following notes from the FreeBSD port of
Linux-PAM;
/*
* the standard libc interface for syslog suffers from some problems.
* The first is that it is not thread safe. It is also three functions
* where PAM only really needs a "log this" function. It also does
* not provide modules and applications with information about whether
* the log is currently open or not etc... All of these things mean
* that we need to centralize PAM's logging facility. These two functions
* provide this centralization. They are, however, just a gateway to
* libc's openlog/syslog/closelog functions. Please note, your apps/modules
* will likely start to segfault if you do not use this function for
* system logging.
*/
struct pam_log_state {
char *ident;
int option;
int facility;
};
...
extern void pam_system_log(const pam_handle_t *pamh,
const struct pam_log_state *log_state,
int priority, const char *format, ... );
-- Luke
--
Luke Howard | Darwin Developer | PADL Software Pty Ltd
www.padl.com | lukeh@darwin.apple.com | lukeh@padl.com
